Flock CEO Claims Watching the Watchers is Unfair and One-Sided

Flock CEO Garrett Langley recently assured a Virginia police chief that Flock is "CJIS compliant." He's technically correct—and completely misleading.

by H.C. van Pelt

Flock CEO Garrett Langley recently exchanged emails with Staunton, VA’s Chief of Police. In the emails, he presented Flock as secure and “CJIS compliant,” and portrayed “activists” as attacking police and spreading misinformation through YouTube videos.

Is it misleading to claim Flock LPR devices use encrypted storage when they don’t?

Is it misleading to tout “CJIS compliance” when you know that’s entirely different from CJIS validation—actual verification, by the FBI, that your system meets federal security standards (like using encrypted storage)?

From: Garrett Langley <noreply@flocksafety.com>
Sent: Monday, December 8, 2025 3:37 PM
Subject: Fact Check: No Hack. We will never stop fighting for you.

Hi VA - Staunton PD Team,

I’m writing to you directly because I want there to be zero confusion about what’s happening.

Flock has never been hacked. Ever.

Flock is CJIS compliant.

Flock does not share, or resell your data. Nor have we ever.

Flock adheres to the highest security standards, including: NDAA, SOC2 (Type II), SOC3, ISO 27001, HECVAT, FERPA [and “aligned with” NIST and CAIQ].[1]

Flock is building tools to help you fight the real crime affecting communities across the country.

Many activists don’t like that.

Let’s call this what it is: Flock, and the law enforcement agencies we partner with, are under coordinated attack.

The attacks aren’t new. You’ve been dealing with this for forever, and we’ve been dealing with this since our founding, from the same activist groups who want to defund the police, weaken public safety, and normalize lawlessness. Now, they’re producing YouTube videos with misleading headlines. They’re also trying to turn a public records process into a weapon against you and against us.

Make no mistake, we’re fighting this fight for you, and, I hope, with, you. I remain committed to building world-class technology to help you keep your communities safe. And doing so in a transparent, secure, and privacy centric way.

Garrett

Police Chief Williams, a 41-year veteran, responds:

As far as your assertion that we are currently under attack, I do not believe that this is so. I have dedicated the last 41 years of my life to serving the citizens of the City of Staunton as a police officer, the last 22 as the police chief. What we are seeing here is a group of local citizens who are raising concerns that we could be potentially surveilling private citizens, residents and visitors and using the data for nefarious purposes … In short, it is democracy in action.

Chief Williams concludes by stating he trusts Flock will continue to supply “state-of-the-art” systems to make Staunton safer.

Langley responds:

Thank you sir. … And understood on the attack perspective. It’s tough every day waking up to stories online that are misleading and only represent one side of the story. It’s[sic] sounds like in Staunton you’ve had a civil and orderly discussion. That is, in fact, democracy in action! Sadly, other cities have not been as well served.

Criminal justice information has leaked through Flock’s system before, and continues to leak. Flock claims it hasn’t been hacked, but they themselves wrote the code to record customers and transmit the recordings overseas. Flock simply hands over the data to unvetted foreign contractors.

It should be obvious by now that the problem isn’t that the story is one-sided: the facts are.

To prevent more unfavorable facts coming out, Flock continues to actively fight transparency and tries to shut down websites already publishing facts.

“They’re producing YouTube videos with misleading headlines.”

No, Garrett, your system is broken. If it were CJIS validated, it would be straightforward to publish the documentation. Each of your customers would already have a copy.

They are boilerplate public records, not state secrets; why not release them to “set the record straight”? Why not provide hard evidence that the system is secure? Not to appease activists but to strengthen public safety—prove to your customers that their data is secure and that it complies with federal law.

Instead, Langley says citizens calling for security, transparency, oversight, and accountability is an “attack.” And that such things “normalize lawlessness.”

Williams calls it what it is: democracy.

Publish the validation documents. Let the facts favor you for once. That’s democracy in action.



  1. Two items here are legitimate security certifications: SOC2 Type II and ISO 27001. The rest is padding. NDAA is a procurement law restricting purchases from certain foreign vendors—it says nothing about Flock’s security practices. HECVAT is a questionnaire schools use to evaluate vendors, not a certification one “has.” FERPA is student privacy law that applies to schools, not vendors, and sets no technical standards. “Aligned with” NIST and CAIQ is hedge language—neither is a certification Flock claims to hold.